Zeros Are Heroes: NSEC3 Parameter Settings in the Wild
• 7 min read
Hashed authenticated denial of existence appeared back in 2008 to prevent DNS zone walking. Since then, best practices have changed and were updated in RFC 9276. This article examines how the current landscape of authoritative name servers and resolvers complies with these recommendations.
